ImplicitGrantTest.java

package com.github.hburgmeier.jerseyoauth2.testsuite.base;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;

import org.junit.Test;
import org.scribe.model.Token;

import com.github.hburgmeier.jerseyoauth2.api.types.GrantType;
import com.github.hburgmeier.jerseyoauth2.api.types.ResponseType;
import com.github.hburgmeier.jerseyoauth2.testsuite.base.client.ClientException;
import com.github.hburgmeier.jerseyoauth2.testsuite.base.client.ResourceClient;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;

// This test OAuth2 Spec draft 31 Chapter 4.2
public class ImplicitGrantTest extends BaseTest {

	protected ClientEntity registerClient() {
		return authClient.createClient("public");
	}
	
	@Test
	public void testAccessToken()
	{
		String code = authClient.authorizeClient(clientEntity, "test1 test2").getCode();
		assertNotNull(code);
		restClient.setFollowRedirects(false);
		
		ResourceClient client = new ResourceClient(clientEntity.getClientId(), GrantType.AUTHORIZATION_REQUEST, ResponseType.TOKEN);
		String authUrl = client.getAuthUrl(null);
		
		WebResource webResource = restClient.resource(authUrl);
		ClientResponse clientResponse = webResource.get(ClientResponse.class);
		assertEquals(302, clientResponse.getStatus());
		String fragment = clientResponse.getLocation().getFragment();
		assertNotNull(fragment);
	}

	@Test
	public void testNoRefreshToken()
	{
		String code = authClient.authorizeClient(clientEntity, "test1 test2").getCode();
		assertNotNull(code);
		restClient.setFollowRedirects(false);
		
		ResourceClient client = new ResourceClient(clientEntity.getClientId(), GrantType.AUTHORIZATION_REQUEST, ResponseType.TOKEN);
		String authUrl = client.getAuthUrl(null);
		
		WebResource webResource = restClient.resource(authUrl);
		ClientResponse clientResponse = webResource.get(ClientResponse.class);
		assertEquals(302, clientResponse.getStatus());
		String fragment = clientResponse.getLocation().getFragment();
		assertNotNull(fragment);
		assertTrue(!fragment.contains("refresh_token"));
	}	
	
	@Test
	public void testResourceAccess() throws ClientException
	{
		String code = authClient.authorizeClient(clientEntity, "test1 test2").getCode();
		assertNotNull(code);
		restClient.setFollowRedirects(false);
		
		ResourceClient client = new ResourceClient(clientEntity.getClientId(), GrantType.AUTHORIZATION_REQUEST, ResponseType.TOKEN);
		String authUrl = client.getAuthUrl(null);
		
		WebResource webResource = restClient.resource(authUrl);
		ClientResponse clientResponse = webResource.get(ClientResponse.class);
		assertEquals(302, clientResponse.getStatus());
		String fragment = clientResponse.getLocation().getFragment();
		assertNotNull(fragment);
		
		Token accessToken = client.parseFragment(fragment);
		client.sendTestRequestSample1(accessToken);
		
	}	
	
	@Test
	public void testAuthCodeWithImplicit() throws ClientException
	{
		String code = authClient.authorizeClient(clientEntity, "test1 test2").getCode();
		assertNotNull(code);
		restClient.setFollowRedirects(false);
		
		ResourceClient client = new ResourceClient(clientEntity.getClientId(), GrantType.AUTHORIZATION_REQUEST, ResponseType.CODE);
		String authUrl = client.getAuthUrl(null);
		
		WebResource webResource = restClient.resource(authUrl);
		ClientResponse clientResponse = webResource.get(ClientResponse.class);
		assertTrue(clientResponse.getLocation().toString().startsWith("http://localhost:9998/testsuite?error=unsupported_response_type"));
	}
}